How does the risk scoring system work?

The skill uses a risk matrix that calculates a level (Low to Critical) by cross-referencing the potential impact of a threat with its likelihood of occurrence.

Does this skill require existing documentation?

Yes, for the best results, it requires existing requirements.md and design.md files to understand the system architecture and data flows.

How are the security requirements formatted?

Mitigations are converted into REQ-SEC-xxx formatted requirements using EARS (Easy Approach to Requirements Syntax) and include Given-When-Then (GWT) acceptance criteria.

STRIDE Threat Modeling Assistant

Name: STRIDE Threat Modeling Assistant
Author: taiyousan15

bytaiyousan15

0•

Security & Testing

Generates comprehensive STRIDE-based threat models and security requirements to identify and mitigate risks during software design.

The sdd-threat skill automates the critical process of security threat modeling using the industry-standard STRIDE framework. By analyzing your existing requirements and design documents, it identifies protected assets and trust boundaries to uncover vulnerabilities related to Spoofing, Tampering, Repudiation, Information Disclosure, DoS, and Elevation of Privilege. The skill produces a structured threat-model.md file featuring detailed risk scoring and actionable mitigation strategies, which are then converted into formalized security requirements (REQ-SEC) to ensure your application is secure by design.

Key Features

01Automated identification of data assets and trust boundaries

02Risk level calculation using an impact-likelihood matrix

030 GitHub stars

04Direct derivation of security requirements (REQ-SEC-xxx) using EARS syntax

05Comprehensive STRIDE-based security analysis

06Integration with existing design.md and requirements.md files

Use Cases

01Mapping trust boundaries and data flows to identify high-risk attack surfaces

02Conducting security audits during the initial architectural design phase

03Generating compliance-ready security documentation for enterprise projects

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add taiyousan15/taisun_agent sdd-threat

For use in Claude.ai and ChatGPT

Download Skill